BEST

보안 · 네트워크

보안

무작정 따라하며 원리를 깨우치는 웹 해킹 : WebGoat 편

Name: 무작정 따라하며 원리를 깨우치는 웹 해킹 : WebGoat 편
Price: 49500 KRW

WebGoat 문제 풀이를 통해 무작정 따라하면서 배우고, 익히고, 원리를 파악할 수 있는 웹 해킹 강의!

(5.0) 수강평 21개

수강생 454명

크리핵티브

모의해킹 WebGoat

이런 걸 배울 수 있어요

WebGoat란 무엇인가?
각종 웹 기능 별 취약점 응용 학습
OWASP Top 10 항목 진단 방법

웹고트 가상환경으로 취약점 실습하고, 웹 해킹 한 단계 레벨 업!

💡 웹 해킹 실습을 위한, 유명 가상 환경 WebGoat !

WebGoat는 JAVA 기반으로 제작된 웹 어플리케이션으로, 웹 해킹 취약점 항목별로 취약 환경이 구성되어 있으며 다양한 기능별 취약점 실습이 가능합니다.

💡 웹 해킹 입문 강의 이후 응용 학습을 위한 강의!

웹 개발자와 정보보안 입문자를 위한 웹 해킹 입문 강의 이후 각종 환경에 따른 응용 학습을 위한 강의입니다!

📖 무작정 따라하면서 배우고 익히고 원리를 파악하는 강의!

WebGoat 문제 풀이 실습을 통해 웹 해킹을 쉽게 배우고 공격 방법을 익힐 수 있으며, 취약점 원리 파악을 할 수 있습니다.

📝 WebGoat에서 다루는 웹 해킹 취약점 항목

OWASP Top 10 항목 위주로 취약점 항목이 구성되어 있습니다.

Injection
- SQL Injection
- Path traversal
Broken Authentication
- Authentication Bypasses
- JWT tokens
- Password reset
- Secure Passwords
Sensitive Data Exposure
- Insecure Login
XML External Entities(XXE)
Broken Access Control
- Insecure Direct Object References
- Missing Function Level Access Control
Cross-Site Scripting(XSS)
Insecure Deserialization
Vulnerable Components
Request Forgeries
- Cross-Site Request Forgery(CSRF)
- Server-Side Request Forgery(SSRF)
Client side
- Bypass front-end restrictions
- Client side filtering
- HTML tempering

수강 전 확인해주세요!

본 강의는 WebGoat 8.1.0 버전을 사용해 제작된 강의입니다.

💡 필수 시청 강좌

반드시 알고 넘어가야 할 웹 기술 기초편

웹 기술 기초를 익힐 수 있는 강좌

성공적인 SQL 인젝션 공격을 위한, SQL 기본 문법
SQL 인젝션 공격을 익히기 위한 기초 단계

웹 개발자들이 반드시 알아야 될,
웹 해킹과 보안 그리고 시큐어 코딩
웹 개발자와 정보보안 입문자들을 위한 웹 해킹 강의!

이런 분들께
추천드려요!

학습 대상은
누구일까요?

정보보안 입문자
웹 개발자
IT 전공자
웹 해킹이 궁금한분

선수 지식,
필요할까요?

웹 기초
웹 프록시
웹 해킹 기초

안녕하세요
입니다.

25,354

명

수강생

1,300

개

수강평

492

개

답변

4.9

점

강의 평점

개

강의

:: 국내 정보보안 솔루션 개발 기업 재직 ::
- 앱 위변조 방지 솔루션 : 미들웨어 담당 / 해킹 대회 운영진 / 국내 유명 해킹/방어 훈련장 제작

:: 국내 정보보안 전문 업체 재직 ::
- 블랙박스 모의해킹 / 시나리오 기반 모의해킹 / 웹 취약점 진단 / 모바일 취약점 진단 / 소스코드 취약점 진단 / APT 모의 훈련 / DDoS 모의훈련 / 인프라 진단 / 스마트 가전 진단
- 국내 대기업, 중소기업 다수 진단

:: 외부 교육 및 활동 ::
- 멀티캠퍼스, 국가 보안 기술 연구소(ETRI)
- 국내 정보보안 업체 : 재직자 대상 "웹 모의해킹 심화 교육" 진행중
- 해커팩토리 문제 제작

:: 취약점 발견 ::

1) Web Application Server 취약점
- TMAX JEUS : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
- IBM WebSphere(CVE-2020-4163) : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)

2) CMS(Contents Management System) 취약점
- 네이버 스마트에디터 : 파일 업로드 취약점
- 그누보드 : SQL Injection , 파일 업로드 취약점(그누보드4, 그누보드5), XSS ...
- 킴스큐 : 파리미터 변조 취약점 , 파일 업로드 취약점

* 이메일 : crehacktive3@naver.com
* 블로그 : http://www.crehacktive.co.kr

커리큘럼

전체

91개 ∙ (11시간 50분)

섹션 1. 교육 프롤로그

2개 ∙ (13분)

1. 교육 소개
04:51
2. [추가] 버프스위트에서 원하는 요청,응답만 인터셉트하는 방법과 설정 저장하기
08:22

섹션 2. WebGoat 소개

3개 ∙ (24분)

3. WebGoat란 무엇인가?
04:38
4. WebGoat 설치 및 실행
12:40
5. WebGoat 풀이 전 당부사항
07:17

섹션 3. Injection

24개 ∙ (3시간 43분)

6. Injection이란 무엇인가?
04:12
7. SQL Injection이란 무엇인가?
08:19
8. [실습2-1] SQL Injection(intro) - 1
04:32
9. [실습2-2] SQL Injection(intro) - 2
04:08
10. [실습2-3] SQL Injection(intro) - 3
03:06
11. [실습2-4] SQL Injection(intro) - 4
01:57
12. [실습2-5] SQL Injection(intro) - 5
06:02
13. [실습2-6] SQL Injection(intro) - 6
04:25
14. [실습2-7] SQL Injection(intro) - 7
04:19
15. [실습2-8] SQL Injection(intro) - 8
06:34
16. [실습2-9] SQL Injection(intro) - 9
05:21
17. [실습2-10] SQL Injection(advanced) - 1
32:38
18. [실습2-11] SQL Injection(advanced) - 2
26:03
19. [실습2-12] SQL Injection(advanced) - 3
13:59
20. [실습2-13] SQL Injection(mitigation) - 1
04:19
21. [실습2-14] SQL Injection(mitigation) - 2
04:58
22. [실습2-15] SQL Injection(mitigation) - 3
12:09
23. [실습2-16] SQL Injection(mitigation) - 4
06:08
24. [실습2-17] SQL Injection(mitigation) - 5
34:59
25. Path traversal이란 무엇인가?
06:31
26. [실습2-18] Path traversal - 1
06:20
27. [실습2-19] Path traversal - 2
04:50
28. [실습2-20] Path traversal - 3
04:24
29. [실습2-21] Path traversal - 4
13:22

섹션 4. Broken Authentication

15개 ∙ (2시간 14분)

섹션 5. Sensitive Data Exposure

2개 ∙ (11분)

섹션 6. XML External Entities(XXE)

5개 ∙ (45분)

섹션 7. Broken Access Control

6개 ∙ (40분)

섹션 8. Cross-Site Scripting(XSS)

7개 ∙ (39분)

섹션 9. Insecure Deserialization

2개 ∙ (32분)

섹션 10. Vulnerable Components

3개 ∙ (12분)

섹션 11. Request Forgeries

10개 ∙ (45분)

섹션 12. Client Side

6개 ∙ (28분)

섹션 13. Challenges

5개 ∙ (54분)

섹션 14. 교육 에필로그

1개 ∙ (3분)

강의 게시일:

마지막 업데이트일:

수강평

전체

21개

5.0

21개의 수강평

anwi505152585
수강평 5
∙
평균 평점 5.0
5
67% 수강 후 작성
The lecture was great! I'm thinking of purchasing the file upload lecture, but when will Part 2 come out?
- crehacktive
  지식공유자
  I will do my best to complete it by the second half of this year.
ruke240888
수강평 16
∙
평균 평점 4.3
5
77% 수강 후 작성
It was good that there was more explanation of the solution process than just a simple solution process~ Creative that I trust and listen to!
jeshurun
수강평 11
∙
평균 평점 5.0
5
85% 수강 후 작성
It was good for learning the basics of penetration testing.
youjunglee5462
수강평 3
∙
평균 평점 4.7
5
31% 수강 후 작성
wh70457329
수강평 5
∙
평균 평점 4.2
5
100% 수강 후 작성
If you don't mind spending money, the explanations are currently focused on practice, so they are very helpful.

크리핵티브님의 다른 강의

지식공유자님의 다른 강의를 만나보세요!

Web Hacking & Secure Coding That Web Developers and Information Security Beginners Must Know

crehacktive

An introductory course on web hacking for information security beginners and web developers! Start web hacking in a fun way with this course!

초급

Penetration Testing, Injection

File Upload Vulnerability Advanced Attack Techniques PART2 [Integrated Edition]

crehacktive

The ultimate web hacking! File upload vulnerability attack technique! Part 2 of the 'Part 1' education follows Part 1 and covers more advanced techniques.

중급이상

Penetration Testing, Java, Web Shell

Analysis of File Upload Vulnerability Attack Techniques and Practical Cases by a Simulated Hacking Practitioner: PART 1

crehacktive

The ultimate web hacking master! File upload vulnerability attack technique! This is a training that will further improve the students' web hacking skills through a completely different approach from the existing known methods!

초급

Penetration Testing

Analysis of File Download Vulnerability Attack Techniques and Practical Cases by a Simulated Hacking Practitioner

crehacktive

Easy-to-follow file download vulnerability attack techniques from web hacking beginners to practitioners! File download vulnerability attack techniques and advanced attack techniques used in practice! And how to apply secure coding!

초급

Penetration Testing

Advanced SQL Injection Attack Techniques Explained by a Simulated Hacking Practitioner: PART 2

crehacktive

The second lecture on SQL Injection, taught by a mock hacking practitioner! The first lecture covered the basics and the core principles of attacks, while the second lecture is about technical advanced attack techniques. Therefore, taking the first lecture is a must!

중급이상

Penetration Testing, Injection

OAuth 2.0 Concepts and Principles Learned Through Practice, Hacking, and Security

crehacktive

We will take a closer look at the working principles through core theories and practices of the OAuth 2.0 protocol. And we will analyze the OAuth 2.0 protocol from the perspective of hacking and security.

중급이상

Penetration Testing, OAuth

XSS attack techniques explained by a mock hacking practitioner

crehacktive

This lecture covers the king of client attacks, XSS (Cross-Site Scripting). You can systematically learn about the basic concepts of XSS, the attack principles, and most importantly, what process to go through to perform the attack procedure.

초급

Penetration Testing, xss

Skill-Up! Webshell Obfuscation Techniques for Bypassing Webshell Detection Solutions

crehacktive

Basic understanding of web shells and web shell detection solutions, as well as attack methods and obfuscation techniques for bypassing them!

초급

Penetration Testing, Web Shell

File Upload Vulnerability Advanced Attack Techniques PART2-3: Attack Methodologies in Various Practical Environments

crehacktive

The ultimate web hacking! File upload vulnerability attack technique! Following Part 1, Part 2 '3rd part' education covers more advanced techniques in depth.

중급이상

Penetration Testing

File Upload Vulnerability Advanced Attack Techniques PART2-2: Basic Knowledge and Techniques for Bypassing Web Firewalls

crehacktive

The ultimate web hacking! File upload vulnerability attack technique! Part 2 of the '2nd part' education follows Part 1 and covers more advanced techniques.

중급이상

Penetration Testing

File Upload Vulnerability Advanced Attack Techniques PART2-1: File Upload Library Analysis and Attack Methodology

crehacktive

The ultimate web hacking! File upload vulnerability attack technique! Part 2 of the 'Part 1' education follows Part 1 and covers more advanced techniques.

중급이상

Penetration Testing

One-point lesson on web security for creating a secure website

crehacktive

In this course, you will learn how to create secure web services.

초급

Skill-Up! Create a web shell that you can learn and use right away

crehacktive

Web shell is the core tool for file upload vulnerability attacks! Let's learn how to create a web shell together through this lecture~!

초급

Web Shell, Bootstrap

SQL Injection Attack Techniques and Secure Coding Explained by a Simulated Hacking Practitioner: PART 1

crehacktive

SQL Injection, the flower of web hacking, explained by a mock hacking practitioner! Learn attack and defense at the same time.

초급

Penetration Testing, Injection

Basic SQL Grammar for Successful SQL Injection Attacks

crehacktive

The basic steps to learn SQL injection attacks, the flower of web hacking! This is a lecture on basic SQL grammar!

초급

SQL, Penetration Testing, MySQL

Talk about web hacking and mock hacking in the field

crehacktive

Introduction to web hacking and mock hacking for those who are new to web hacking and job seekers in related fields

입문

Penetration Testing

Web technology basics you must know

crehacktive

This is a course where you can learn the basics of web technology. You can learn the basics of web technology in a short period of time. If you are interested in studying or getting a job related to the web, you must take this course!

입문

Penetration Testing

비슷한 강의

같은 분야의 다른 강의를 만나보세요!

Basic SQL Grammar for Successful SQL Injection Attacks

crehacktive

The basic steps to learn SQL injection attacks, the flower of web hacking! This is a lecture on basic SQL grammar!

초급

Penetration Testing, MySQL, SQL

Talk about web hacking and mock hacking in the field

crehacktive

Introduction to web hacking and mock hacking for those who are new to web hacking and job seekers in related fields

입문

Penetration Testing

Understanding AWS Cloud Service Infrastructure Construction, Hacking, and Security

boanproject

IT services are rapidly transitioning to cloud environments. You will learn security practices from basic virtual infrastructure construction to security threat monitoring and vulnerability diagnosis for each area to secure the Amazon AWS cloud environment.

초급

AWS, Penetration Testing

Mock Hacking Job Preparation, Interview Preparation Course

boanproject

This lecture provides a general guide on how to prepare while studying when you want to choose a career in IT security penetration testing, and what questions and answers to prepare for the interview. I will share my experience working as a penetration testing consultant, at large companies, and in the financial sector, and currently running a penetration testing consulting business.

입문

Penetration Testing, Tech Interview

Web technology basics you must know

crehacktive

입문

Penetration Testing

무작정 따라하며 원리를 깨우치는 웹 해킹 : WebGoat 편

이런 걸 배울 수 있어요

💡 웹 해킹 실습을 위한, 유명 가상 환경 WebGoat !

💡 웹 해킹 입문 강의 이후 응용 학습을 위한 강의!

📖 무작정 따라하면서 배우고 익히고 원리를 파악하는 강의!

📝 WebGoat에서 다루는 웹 해킹 취약점 항목

💡 필수 시청 강좌

이런 분들께 추천드려요!

안녕하세요 입니다.

커리큘럼

수강평

크리핵티브님의 다른 강의

비슷한 강의

이런 분들께
추천드려요!

안녕하세요
입니다.